| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 5801 | CVE-2017-7416 | 79 | | XSS | 2017-06-26 | 2017-06-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. |
| 5802 | CVE-2017-7409 | 79 | | XSS | 2017-04-20 | 2017-07-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. |
| 5803 | CVE-2017-7395 | 190 | | Overflow | 2017-03-31 | 2018-01-12 | 4.0 | None | Remote | Low | Single system | None | None | Partial | In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. |
| 5804 | CVE-2017-7391 | 79 | | Exec Code XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5805 | CVE-2017-7390 | 79 | | Exec Code XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5806 | CVE-2017-7389 | 79 | | Exec Code XSS | 2017-03-31 | 2017-04-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5807 | CVE-2017-7388 | 79 | | Exec Code XSS | 2017-03-31 | 2017-04-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5808 | CVE-2017-7387 | 79 | | XSS | 2017-03-31 | 2017-04-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). |
| 5809 | CVE-2017-7386 | 79 | | XSS | 2017-03-31 | 2017-05-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). |
| 5810 | CVE-2017-7384 | 79 | | XSS | 2017-06-01 | 2017-06-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. |
| 5811 | CVE-2017-7383 | 476 | | DoS | 2017-04-03 | 2017-04-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. |
| 5812 | CVE-2017-7382 | 476 | | DoS | 2017-04-03 | 2017-04-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. |
| 5813 | CVE-2017-7381 | 476 | | DoS | 2017-04-03 | 2017-04-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. |
| 5814 | CVE-2017-7380 | 476 | | DoS | 2017-04-03 | 2017-04-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. |
| 5815 | CVE-2017-7379 | 119 | | DoS Overflow | 2017-04-03 | 2017-04-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. |
| 5816 | CVE-2017-7378 | 119 | | DoS Overflow | 2017-04-03 | 2017-04-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. |
| 5817 | CVE-2017-7366 | 20 | | | 2017-06-13 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. |
| 5818 | CVE-2017-7363 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. |
| 5819 | CVE-2017-7362 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. |
| 5820 | CVE-2017-7361 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. |
| 5821 | CVE-2017-7360 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. |
| 5822 | CVE-2017-7359 | 79 | | XSS | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. |
| 5823 | CVE-2017-7351 | 89 | | Sql | 2018-02-08 | 2018-02-26 | 4.0 | None | Remote | Low | Single system | Partial | None | None | A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload. |
| 5824 | CVE-2017-7346 | 20 | | DoS | 2017-03-30 | 2017-11-03 | 4.9 | None | Local | Low | Not required | None | None | Complete | The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. |
| 5825 | CVE-2017-7339 | 79 | | Exec Code XSS | 2017-05-26 | 2017-05-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. |
| 5826 | CVE-2017-7320 | 79 | | DoS XSS Http R.Spl. | 2017-03-30 | 2017-03-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. |
| 5827 | CVE-2017-7316 | 79 | | XSS | 2017-07-03 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. |
| 5828 | CVE-2017-7299 | 125 | | | 2017-03-29 | 2017-03-31 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. |
| 5829 | CVE-2017-7296 | 79 | | XSS | 2017-05-27 | 2017-06-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection. |
| 5830 | CVE-2017-7288 | 79 | | XSS | 2017-05-23 | 2017-05-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 5831 | CVE-2017-7276 | 79 | | XSS | 2017-07-04 | 2017-07-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019. |
| 5832 | CVE-2017-7275 | 119 | | DoS Overflow | 2017-03-27 | 2017-03-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. |
| 5833 | CVE-2017-7274 | 476 | | DoS | 2017-03-27 | 2017-03-31 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. |
| 5834 | CVE-2017-7273 | | | DoS | 2017-03-27 | 2017-04-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. |
| 5835 | CVE-2017-7271 | 79 | | XSS | 2017-03-27 | 2017-05-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. |
| 5836 | CVE-2017-7262 | 20 | | DoS | 2017-03-24 | 2017-03-29 | 4.9 | None | Local | Low | Not required | None | None | Complete | The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. |
| 5837 | CVE-2017-7261 | 20 | | DoS | 2017-03-24 | 2017-03-28 | 4.9 | None | Local | Low | Not required | None | None | Complete | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. |
| 5838 | CVE-2017-7251 | 79 | | Exec Code XSS | 2017-03-23 | 2017-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5839 | CVE-2017-7250 | 79 | | Exec Code XSS | 2017-03-23 | 2017-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5840 | CVE-2017-7249 | 79 | | Exec Code XSS | 2017-03-23 | 2017-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5841 | CVE-2017-7248 | 79 | | Exec Code XSS | 2017-03-23 | 2017-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5842 | CVE-2017-7247 | 79 | | Exec Code XSS | 2017-03-23 | 2017-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiple_freeleech.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| 5843 | CVE-2017-7244 | 125 | | DoS | 2017-03-23 | 2018-08-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. |
| 5844 | CVE-2017-7242 | 79 | | XSS | 2017-03-23 | 2017-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. |
| 5845 | CVE-2017-7224 | 787 | | | 2017-03-22 | 2018-01-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. |
| 5846 | CVE-2017-7222 | 79 | | XSS | 2017-03-22 | 2017-03-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). |
| 5847 | CVE-2017-7218 | 264 | | +Priv | 2017-04-14 | 2017-07-10 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters. |
| 5848 | CVE-2017-7217 | 20 | | | 2017-04-14 | 2017-07-10 | 4.0 | None | Remote | Low | Single system | None | Partial | None | The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. |
| 5849 | CVE-2017-7216 | 200 | | +Info | 2017-05-02 | 2017-05-12 | 4.0 | None | Remote | Low | Single system | Partial | None | None | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. |
| 5850 | CVE-2017-7215 | 79 | | XSS | 2017-03-21 | 2017-04-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. |